British Airways, GDPR and data breaches

The first potential major UK GDPR case is due for take off

British Airways has been quick off the mark following a data breach. We are wondering if, since GDPR came into force, companies are much more likely to make this kind of breach public.

Once again GDPR has proved to be a smart move

Actually, this goes to underscore what we have been saying about GDPR being good for business. Why? It underscores good business practice and should not be seen as a pain. British Airways have run into a storm. It’s never good news to experience security turbulence and it’s never good for reputational management. The best thing to do is ‘fess up’ and move on, isn’t it?

Transparency is the new watchword post GDPR

British Airways have been praised for the way in which they have dealt with this unwelcome data breach. They have been incredibly transparent and amazingly quick at holding up their hands and admitting a data breach. By alerting customers, the police and the Information Commissioner’s Office (ICO), they comply with GDPR legislation. After all, they had been hacked via both desktop and the mobile app.

Although no one is happy to hear about a security breach, this swift response and these alerts can give customers the chance to contact their banks and take evasive action. This is very different from the past, where some companies said nothing or finally told customers months later when the situation had been resolved. Sadly, that was too late for any member of the public to protect him or herself. Too late to even begin to wonder how many times their data had been sold on.

Are you still concerned about your company and its GDPR compliance? We can help you. Simply start by looking at our useful GDPR resources here. If you would like to chat through your GDPR issues then contact us and we’ll do our best to resolve your concerns.

We need to work together to minimise hackers’ success

This is good for a number of reasons. Yes, it shows compliance and that is a legal necessity, but by bringing customers on side, it also makes hackers less likely to be able to use the stolen data effectively.

Business and consumer are inextricably linked

Just as we ‘promise to pay the bearer’ the specific amount of money printed on a piece of paper, when we pay for goods online we start a relationship. We buy a product or service and we expect to receive it. The business expects to receive payment, and both parties hope that the transaction or data will not fall victim to contemporary highwayman tactics.

Has GDPR forced you to change your attitude to data? Read what GDPR Tracker has to say on the issue and business opportunity right here.

We cannot ignore the fact that we are bound together

Neither can companies become blasé about their assets. With life passing at lightning speed and so many assets being developed, amended, abandoned and transformed, it’s easy to forget to protect all sections. Shadow IT and legacy applications need to be dealt with and patched as a matter of urgency. Certainly, with GDPR fines for non-compliance looming large, this will focus the mind.

Did you book a flight with BA between 21st August 2018 and 5th September?

Also, with consumers expecting transparency and being kept in the loop, it is in everyone’s interest that GDPR is implemented whole-heartedly. If you’ve been on Mars for the past few weeks and booked your flight through BA before you went, accounts have been compromised if they were used between 21st August 2018 at 22:58 and 5th September up to 21:45. We are writing this on the 7th September; that demonstrates just how fast BA reacted.

Attitudes to data breaches have changed

Obviously, the usual apologies have been posted and there was no travel disruption. However, everyone who has been affected will know by now, and BA will be reimbursing anyone who has suffered financial losses alongside undertaking a credit checking service. It does seem as though GDPR has forced attitudes to change.

This is not an ideal piece of publicity for British Airways

After all, this is a company that has experienced a number of IT failures. When companies rely so much on IT, safeguards are vital on every level. This particular breach is more than likely to form the very first UK GDPR case since it came into force in 2018. It remains to be seen just how British Airways has been operating and if there was any negligence on their behalf that might have contributed to the situation. The fact that they were so quick to alert all affected parties and the authorities suggests they have gone about managing this situation effectively.

However, not everything is such an open and shut case in GDPR Land

We are all mightily tired of the word ‘Brexit’ but it will be a long time until we can rid ourselves of this topic. You might be saying, ‘Frankly my dear I don’t give a damn’ but, like Gone With the Wind, Brexit will run and run.

Meanwhile, the UK is busy developing its own amendments to rules and regs

This is all part of its preparations for 2019. Right now it is being accused of undermining the General Data Protection Regulation and the European Union’s Charter of Fundamental Rights. With regard to GDPR, two groups campaigning for human rights have said that brand new UK data protection legislation is not playing by the rules. As a consequence, they intend to launch a judicial review to question an exemption in the DPA 2018 with regard to immigrants accessing their own data.

Your data access will depend on who you are

What the row is all about is that fundamental data subject rights are being written over. If the person controlling the required data feels that any data that might be disclosed would actually “prejudice the maintenance of effective immigration control or the investigation or detection of activities that would undermine the maintenance of effective immigration control”, the person concerned should not be allowed access.

This appears to cut across the whole concept underlying GDPR

We control our data and should be able to access it. However, the government is not keen to share certain information regarding, for example, potential deportation arrangements. Without the information it will be very difficult to challenge an unlawful deportation. Not only this, but information will be withheld from DVLA, the NHS, banks, employers, landlords etc. if you are an immigrant in the UK.

Ironically this information has always been available and it is only now that the UK government is withholding it. This will almost definitely be challenged and it will be interesting to see what happens in the long term. What are your thoughts on these two stories? We’d love to know. Do contact us about anything GDPR related.
